Multi-factor authentication

Administration tool ::: tool_mfa
Maintained by Catalyst IT, Brendan Heywood, Peter Burnett, Mikhail Golenkov
This is a Moodle plugin which adds Multi-Factor authentication (MFA), also known as Two-factor authentication (2FA) on top of your existing chosen authentication plugins. https://en.wikipedia.org/wiki/Multi-factor_authentication
Latest release:
1135 sites
790 downloads
38 fans
Current versions available: 2

NOTE: Moodle 4.3 (and higher) include this feature in the core release - you only need this plugin if you are using an older Moodle release.

This is a Moodle plugin which adds Multi-Factor authentication (MFA), also known as Two-factor authentication (2FA) on top of your existing chosen authentication plugins.

https://en.wikipedia.org/wiki/Multi-factor_authentication

Why another MFA plugin for Moodle?

There are other 2FA plugins for moodle such as:

https://moodle.org/plugins/auth_a2fa

This one is different because it is NOT a Moodle authentication plugin. It leverages new API's that Catalyst specifically implemented in Moodle Core to enable plugins to augment the login process instead of replacing it. This means that this MFA plugin can be added on top of any other authentication plugin resulting in a much cleaner architecture, and it means you can compose a solution that does everything you need instead of compromising by swapping out the entire login flow.

See this tracker and the dev docs for more info:

https://tracker.moodle.org/browse/MDL-66173

https://docs.moodle.org/dev/Login_callbacks

The other major difference is that we support multiple authentication factor types as sub plugins, eg IP Range, Email, TOTP, WebAuthn / FIDO2 and in future others such as SMS or hardware tokens or anything else as new sub-plugins. They can be flexible configured so that different combinations of factors are considered enough.

Flexible configuration

The MFA has multiple sub-plugins for each type of factor. Different factors can be combined and checked in a specific order. See the plugin readme for the full details:

https://github.com/catalyst/moodle-tool_mfa/#configuration

For more information, consult the readme:

https://github.com/catalyst/moodle-tool_mfa/

Warm thanks

Thanks to Swissbit for sponsoring the work to add WebAuthn / FIDO2 support to this plugin.

Screenshots

Screenshot #0
Screenshot #1
Screenshot #2
Screenshot #3
Screenshot #4
Screenshot #5

Contributors

Catalyst IT (Lead maintainer)
Brendan Heywood: Solutions Architect
Peter Burnett: Developer
Mikhail Golenkov: Developer
Please login to view contributors details and/or to contact them

Comments RSS

Show comments
  • Stefan Biehl
    Thu, Sep 7, 2023, 1:35 AM
    Hi, how can I extend the grace period if it passed and some users can't login anymore?
  • Peter Kelly
    Tue, Sep 19, 2023, 9:30 AM
    Hi, I'm running into an issue, I have these MFA's in order) TOTP app 100, EMail 100, Grace Period 100. Email works fine, Grace period seems to be working fine, I am not getting any TOPT setup options in the user profile settings. Preferences
    User account
    Edit profile
    Change password
    Preferred language
    Forum preferences
    Editor preferences
    Calendar preferences
    Content bank preferences
    Message preferences
    Notification preferences. Any ideas on how to proceed.? Nothing jumps at me in the log files.
  • serge-fabien woi
    Thu, Oct 5, 2023, 2:29 AM
    Good evening, I'm a Moodle student and I'd like to know if you can help me install the MFA plugin because on the link https://github.com/catalyst/moodle-tool_mfa/ it's really complicated for me to install and configure it. I use Moodle 4 and the eguru theme.
  • Zoran Jančić
    Mon, Oct 9, 2023, 9:21 PM
    We are using this plugin on our Moodle 4.2. IT says Moodle 4.3 has MFA in the core, but there are no instructions about migrating existing data from MFA plugin to MFA core. Will upgrade scripts automatically do it or there are some additional steps required?
  • Peter Burnett
    Tue, Oct 10, 2023, 6:46 AM
    Hi Zoran, no migration should be required, it is the exact same plugin within core, Moodle HQ have adopted the existing plugin, so no additional work or config should be required.
  • Michael O'Callaghan
    Thu, Feb 8, 2024, 1:16 AM
    Hi, Thanks for a fantastic plugin. I'm just wondering if its possible to modify/customize the email that is sent by the MFA plugin?
  • heli g
    Mon, Feb 26, 2024, 3:10 PM
    Please can you update the version in the Moodle plugins directory. We have encountered what looks like this bug: Using email MFA behind VPN with private-range IP addresses results in exception https://github.com/catalyst/moodle-tool_mfa/issues/444
    Thank you
  • Ezzeddin Hamed
    Wed, May 22, 2024, 4:34 PM
    A wonderful addition to Moodle, I like it very much.

    I am trying to customize email messages using email factor, I found the customization in the language file factor_email.php, but could not find anything about the logo which I want to completely remove.

    In the language files, I could not find anything related. Is it hard coded? If so, which appears to be, would you guide me where? In which file?

    Thanks a lot,
  • Ezzeddin Hamed
    Thu, May 23, 2024, 5:46 AM
    I reached it and modified the related mustache file.

    On the other hand, I am trying to reset authentication factors for a user, I applied all factors that are active, but the user still logs in without new factor enforcement.

    Should I consider this as a bug? I am using Moodle 4.3.3.
  • Ken Farrimond
    Sat, Aug 10, 2024, 12:42 AM
    Hi Catalyst Great plugin. Does it support IPv6 address for IP authentication. If not is there a workaround?
  • Hector A
    Wed, Aug 14, 2024, 6:50 AM
    Hi, Is there an estimate as to when the SMS feature will be available?
  • Douglas Matheson
    Thu, Aug 29, 2024, 1:49 PM
    Good morning,

    Is this compatible with version 4.4?
  • Ezzeddin Hamed
    Mon, Sep 2, 2024, 9:03 PM
    I used multi-factor, one of the factors is email which is given 14 days. A specific user logs in without new verification, I want to enforce this use to login. In the database, there are 3 tables that are obvious for the "too_mfa_xxx", I removed every record in the 3 tables of the database that relates to that specific user and he still logs in without new verification code.

    How to enforce this user to have a new authentication?

    Thanks,
  • joaquin gonzalez
    Tue, Oct 15, 2024, 6:33 AM
    Good afternoon, I wanted to ask a question, to install the plugin in 3.8, is it not enough to just install the plugin? I understand that you also have to configure certain parameters from the server and install a git, is that correct?
  • Teofilo Esto
    Fri, Nov 22, 2024, 6:46 AM
    we have enabled factor_token (Trust My Device) so that MFA will only be done once a day but couldn't seem to get it to work. is there special configuration needed? our moodle is load balanced into 4 different webservers with redis sessions and cache enabled.
1 2 3 4 5
Please login to post comments